<?php

include_once MODE_DIR . 'smarty_setup.php';

class db extends smarty_setup
{
    private $db_host = 'localhost';
    private $db_user = 'root';
    private $db_pass = '123456';
    private $db_database = 'yuren';
    public $mysql;
    public $unit_arr;

    public function __construct()
    {
        parent::__construct();
        $this->mysql = new mysqli( $this->db_host , $this->db_user , $this->db_pass , $this->db_database );
        $this->mysql->query( "SET NAMES 'UTF8'" );
        $this->unit_arr = $this->get_unit( 0 );
        $this->assign( "unit" , $this->unit_arr );
    }

    function fetch_assoc( $query_id = 0 )
    {
        return ($query_id) ? @mysqli_fetch_assoc( $query_id ) : false;
    }

    function fetch_row( $query_id = 0 )
    {
        return ($query_id) ? @mysqli_fetch_row( $query_id ) : false;
    }

    function fetch_array( $query_id = 0 )
    {
        return ($query_id) ? @mysqli_fetch_array( $query_id ) : false;
    }

    /**
     * @name 		inject_check
     * @desc		SQL语句过滤
     * @author 		Ren Long
     * @date		2013-07-17
     * @param              sql_str
     * @return             string
     */
    public function inject_check( $sql_str )
    {
        $result = eregi( 'select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile' , $sql_str );
        switch ( $result )
        {
            case TRUE:
                exit( '非法输入' );
                break;
            case FALSE:
                return $sql_str;
                break;
        }
    }

    /**
     * @name 		admin_login
     * @desc		管理登陆
     * @author 		Ren Long
     * @date		2013-07-04
     * @param              user,pass
     * @return             boolean
     */
    public function admin_login( $user = '' , $pass = '' )
    {
        $code = md5( $pass );
        $sql = "SELECT * FROM `yr_users` WHERE `name` = '$user' AND `pass` = '$code'";
        $result = $this->mysql->query( $sql );
        $row = $this->fetch_assoc( $result );
        if ( $row )
        {
            return $row;
        }
        else
        {
            return FALSE;
        }
    }

    /**
     * @name 		usershell
     * @desc		判断用户是否合法
     * @author 		Ren Long
     * @date		2013-07-11
     * @param              uid,user_shell
     * @return             boolean
     */
    public function usershell( $uid = '' , $user_shell = '' )
    {
        session_start();
        $uid = $_SESSION['uid'];
        $user_shell = $_SESSION['user_shell'];
        $sql = "SELECT * FROM `yr_users` WHERE `id` = $uid";
        $result = $this->mysql->query( $sql );
        if ( $result )
        {
            $row = $this->fetch_assoc( $result );
            $temp = md5( $row['name'] . $row['pass'] . ALL_PS );
            if ( ($uid === $row['id']) && ($user_shell === $temp) )
            {
                return TRUE;
            }
            else
            {
                session_destroy();
                exit( "超时,请重新登录&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='index.php'>返回用户登录页面</a>" );
            }
        }
        else
        {
            session_destroy();
            exit( "超时,请重新登录&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href='index.php'>返回用户登录页面</a>" );
        }
    }

    /**
     * @name 		get_unit
     * @desc		获取所有部门
     * @author 		Ren Long
     * @date		2013-07-04
     * @param              mid
     * @return             array
     */
    public function get_unit( $mid = '' )
    {
        $mid = $mid === '' ? $_REQUEST['mid'] : $mid;
        $sql = "SELECT `member_id`,`member_cname` FROM `yr_member` WHERE `member_parent_id` = '0'";

        if ( $mid )
        {
            $sql .= " AND `member_id` = '$mid'";
        }

        $result = $this->mysql->query( $sql );

        if ( $result )
        {
            $data = array( );
            while ( $row = $this->fetch_array( $result ) )
            {
                $data[] = $row;
            }
            return $data;
        }
        else
        {
            return FALSE;
        }
    }

    /**
     * @name 		get_member_by_unit
     * @desc		获取所有部门成员
     * @author 		Ren Long
     * @date		2013-07-05
     * @param              sequence
     * @param              limit
     * @return             array
     */
    public function get_member_by_unit( $sequence = '' , $limit = '' )
    {
        $sql = "SELECT * FROM `yr_member` WHERE `member_parent_id` != '0'";

        if ( $sequence )
        {
            switch ( $sequence )
            {
                case 1:     //字母正序排列
                    $sql .= " ORDER BY CONVERT(member_cname USING GBK) ASC";
                    break;
                case 2:     //倒序排列
                    $sql .= " ORDER BY CONVERT(member_cname USING GBK) DESC";
                    break;
            }
        }

        if ( $limit )
        {
            $sql .= " LIMIT $limit";
        }

        $result = $this->mysql->query( $sql );

        if ( $result )
        {
            $data = array( );
            while ( $row = $this->fetch_assoc( $result ) )
            {
                $data[] = $row;
            }
            return $data;
        }
        else
        {
            return FALSE;
        }
    }

    /**
     * @name 		get_member_by_one_unit
     * @desc		获取某一部门成员
     * @author 		Ren Long
     * @date		2013-07-05
     * @param              pid
     * @param              limit
     * @param              sequence
     * @return             array
     */
    public function get_member_by_one_unit( $pid = '' , $sequence = '' , $limit = '' )
    {
        $pid = $pid === '' ? $_REQUEST['pid'] : $pid;
        $sequence = $sequence === '' ? $_REQUEST['sequence'] : $sequence;
        $limit = $limit === '' ? $_REQUEST['limit'] : $limit;

        $sql = "SELECT * FROM `yr_member` WHERE `member_parent_id` = '$pid'";

        if ( $sequence )
        {
            switch ( $sequence )
            {
                case 1:     //字母正序排列
                    $sql .= " ORDER BY CONVERT(member_cname USING GBK) ASC";
                    break;
                case 2:     //倒序排列
                    $sql .= " ORDER BY CONVERT(member_cname USING GBK) DESC";
                    break;
            }
        }

        if ( $limit )
        {
            $sql .= " LIMIT $limit";
        }

        $result = $this->mysql->query( $sql );

        if ( $result )
        {
            $data = array( );
            while ( $row = $this->fetch_array( $result ) )
            {
                $data[] = $row;
            }
            return $data;
        }
        else
        {
            return FALSE;
        }
    }

    /**
     * @name 		get_member_by_id
     * @desc		获取指定成员
     * @author 		Ren Long
     * @date		2013-07-09
     * @param              id
     * @return             array
     */
    public function get_member_by_id( $id = '' )
    {
        $id = $id === '' ? $_REQUEST['id'] : $id;
        $limit = $limit === '' ? $_REQUEST['limit'] : $limit;

        if ( is_array( $id ) )
        {
            $data = array( );
            foreach ( $id as $value )
            {
                $sql = "SELECT * FROM `yr_member` WHERE `member_id` = '$value' AND `member_parent_id` != '0'";
                $result = $this->mysql->query( $sql );

                if ( $result )
                {
                    while ( $row = $this->fetch_array( $result ) )
                    {
                        $data[] = $row;
                    }
                }
            }
        }
        else
        {
            $sql = "SELECT * FROM `yr_member` WHERE `member_id` = '$id' AND `member_parent_id` != '0'";

            $result = $this->mysql->query( $sql );

            if ( $result )
            {
                $data = array( );
                while ( $row = $this->fetch_array( $result ) )
                {
                    $data[] = $row;
                }
            }
        }
        return $data ? $data : FALSE;
    }

    /**
     * @name 		update_userinfo
     * @desc		上传用户信息
     * @author 		Ren Long
     * @date		2013-07-04
     * @param              pid,cname,sex,birth,age,phone,personal_ID
     * @return             boolean
     */
    public function update_userinfo( $pid = '' , $cname = '' , $sex = '' , $birth = '' , $age = '' , $phone = '' , $personal_ID = '' )
    {
        $pid = $pid === '' ? $_REQUEST['pid'] : $pid;
        $cname = $cname === '' ? $_REQUEST['name'] : $cname;
        $sex = $sex === '' ? $_REQUEST['sex'] : $sex;
        $birth = $birth === '' ? $_REQUEST['birth'] : $birth;
        $age = $age === '' ? $_REQUEST['age'] : $age;
        $phone = $phone === '' ? $_REQUEST['phone'] : $phone;
        $personal_ID = $personal_ID === '' ? $_REQUEST['per_ID'] : $personal_ID;

        if ( $pid == 0 )
        {
            $sql = "SELECT * FROM `yr_member` WHERE `member_parent_id` = '0' AND `member_cname` = '$cname'";
            $temp = $this->mysql->query( $sql );
            if ( $row = $this->fetch_array( $temp ) )
            {
                return FALSE;
            }
        }

        $sql = "INSERT INTO `yr_member`(`member_id`, `member_parent_id`, `member_cname`, `member_sex`, `member_birth`, `member_age`, `member_phone`, `member_personal_ID`) 
                                    VALUES (NULL,'$pid','$cname','$sex','$birth','$age','$phone','$personal_ID')";

        $result = $this->mysql->query( $sql );
        return $result ? TRUE : FALSE;
    }

    /**
     * @name 		check_user
     * @desc		检查用户是否存在
     * @author 		Ren Long
     * @date		2013-07-04
     * @param              personal_ID
     * @return             boolean
     */
    public function check_user( $personal_ID = '' )
    {
        $personal_ID = $personal_ID === '' ? $_REQUEST['per_ID'] : $personal_ID;
        $sql = "SELECT `member_personal_ID` FROM `yr_member` WHERE `member_personal_ID` = '$personal_ID'";
        $result = $this->mysql->query( $sql );
        return $result ? TRUE : FALSE;
    }

    /**
     * @name 		change_userinfo
     * @desc		修改用户信息
     * @author 		Ren Long
     * @date		2013-07-07
     * @param              id,name,sex,age,phone,personal_ID
     * @return             boolean
     */
    public function change_userinfo( $id = '' , $name = '' , $sex = '' , $age = '' , $phone = '' , $personal_ID = '' )
    {
        $member_id = $id === '' ? $_REQUEST['id'] : $id;
        $member_name = $name === '' ? $_REQUEST['name'] : $name;
        $member_sex = $sex === '' ? $_REQUEST['sex'] : $sex;
        $member_age = $age === '' ? $_REQUEST['age'] : $age;
        $member_phone = $phone === '' ? $_REQUEST['phone'] : $phone;
        $personal_ID = $personal_ID === '' ? $_REQUEST['per_ID'] : $personal_ID;
        $sql = "UPDATE `yr_member` SET `member_cname`='$member_name',
                                        `member_sex`='$member_sex',
                                        `member_age`='$member_age',
                                        `member_phone`='$member_phone',
                                        `member_personal_ID`='$personal_ID' WHERE `member_id`='$member_id'";
        $result = $this->mysql->query( $sql );
        return $result ? TRUE : FALSE;
    }

    /**
     * @name 		del_user_by_uid
     * @desc		删除信息by_uid
     * @author 		Ren Long
     * @date		2013-07-12
     * @param              uid
     * @return             boolean
     */
    public function del_user_by_uid( $uid = '' )
    {
        $uid = $uid === '' ? $_REQUEST['uid'] : $uid;

        $sql = "DELETE FROM `yr_member` WHERE `member_id` = '$uid'";

        $result = $this->mysql->query( $sql );
        return $result ? TRUE : FALSE;
    }

    /**
     * @name 		del_user_by_pid
     * @desc		删除部门及其所有成员信息
     * @author 		Ren Long
     * @date		2013-07-13
     * @param              pid
     * @return             boolean
     */
    public function del_user_by_pid( $pid = '' )
    {
        $pid = $pid === '' ? $_REQUEST['pid'] : $pid;

        $sql = "DELETE FROM `yr_member` WHERE `member_id` = '$pid' OR `member_parent_id` = '$pid'";

        $result = $this->mysql->query( $sql );
        return $result ? TRUE : FALSE;
    }

    /**
     * @name                get_cache
     * @desc                获取缓存数据
     * @author              Ren Long
     * @date                2013-07-09
     * @param string        $path
     * @return              boolean
     */
    public function get_cache( $path = '' )
    {
        $rs = false;
        $file_path = 'cache/' . md5( $path );

        if ( is_file( $file_path )
//                   && (time() <= (filemtime($file_path) + 300))    //5分钟后缓存过期
        )
        {
            $rs = unserialize( file_get_contents( $file_path ) );
        }
        return $rs;
    }

    /**
     * @name                set_cache
     * @desc                设置缓存文件
     * @author              Ren Long
     * @date                2013-07-09
     * @param string        $path
     * @param string        $data
     * @return              void
     */
    public function set_cache( $path = '' , $data )
    {
        $file_path = 'cache/' . md5( $path );
        $string = serialize( $data );
        file_put_contents( $file_path , $string );
    }

    /**
     * @name                result
     * @desc                结果
     * @author              Ren Long
     * @date                2013-06-26
     * @param string        $path
     * @param string        $data
     * @return              void
     */
    protected function result( $type = 'S' , $data = '' )
    {
        $app = trim( $_REQUEST['app'] ) ? trim( $_REQUEST['app'] ) : 'Main';
        $act = trim( $_REQUEST['act'] ) ? trim( $_REQUEST['act'] ) : trim( $_REQUEST['func'] );

        if ( $_REQUEST['result_type'] == 'json' )
        {
            if ( $_REQUEST['jsoncallback'] )
                echo $_REQUEST['jsoncallback'] . '(' . json_encode( array( 'type' => $type , 'data' => $data , 'app' => $app , 'act' => $act ) ) . ')';
            else
                echo json_encode( array( 'type' => $type , 'data' => $data , 'app' => $app , 'act' => $act ) );
        }
        else if ( $_REQUEST['result_type'] == 'amf' )
        {
            return array( 'type' => $type , 'data' => $data , 'app' => $app , 'act' => $act );
        }
        else
        {
            $xml = new XMLWriter();
            $xml->openMemory();
            $xml->startDocument( '1.0' , 'UTF-8' );
            $xml->startElement( 'result' );
            $xml->writeElement( 'type' , $type );

            if ( is_array( $data ) )
            {
                $xml->startElement( 'data' );
                $this->array_2_xml( $xml , $data ); //递归数组值转为xml结点
                $xml->endElement();
            }
            else
            {
                //$xml->writeElementNs()
                $xml->startElement( 'data' );
                $xml->writeRaw( $data );
                $xml->endElement();
            }
            $xml->writeElement( 'app' , $app );
            $xml->writeElement( 'act' , $act );
            $xml->endElement();
            $result = $xml->outputMemory(); //输出xml
            header( "content-type: text/xml" );
            echo $result;
            exit;
        }
    }

    function array_2_xml( &$xml , $data )
    {
        foreach ( $data as $key => $value )
        {
            if ( is_array( $value ) )
            {
                if ( is_numeric( $key ) )
                {
                    $xml->startElement( 'item' );
                }
                else
                {
                    $xml->startElement( $key );
                }
                $this->array_2_xml( $xml , $value );
                $xml->endElement();
                continue;
            }
            if ( is_numeric( $key ) )
            {
                $xml->writeElement( 'item' , $value );
            }
            else
            {
                $xml->writeElement( $key , $value );
            }
        }
    }

}

?>
